All Cloudflare Customers Protected from Atlassian Confluence CVE-2023-22515
Created on November 12, 2023 at 10:35 am
Tags: , atlassian, cloudflare, confluence, customers, cve202322515, cvecve202322515, data, escalation, managed, privilege, protected, rules, server, vulnerability
On 2023-10-04at 13:00 UTC , Atlassian released details of the zero-day vulnerability described as “Privilege Escalation Vulnerability in Confluence Data Center and Server” ( CVE-2023-22515 ), a zero-day vulnerability impacting Confluence Server and Data Center products.
Cloudflarewas warned about the vulnerability before the advisory was published and worked with Atlassian to proactively apply protective WAF rules for all customers. All Cloudflare customers, including Free, received the protection enabled by default. On 2023-10-03 14:00 UTC Cloudflare WAF team released the following managed rules to protect against the first variant of the vulnerability observed in real traffic.
Rule ID Description Default Action New Managed Rules …ec9f34e1 Atlassian Confluence – Privilege Escalation – CVE:CVE-2023-22515 Block Legacy Managed Rules 100604 and 100605
AtlassianConfluence – Privilege Escalation – CVE: CVE-2023-22515 Block Free Managed Rule …91935fcb Atlassian Confluence – Privilege Escalation – CVE:CVE-2023-22515 Block
When CVE-2023-22515is exploited, an attacker could access public Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts to access the instance. According to the advisory the vulnerability is assessed by Atlassian as critical. At the moment of writing a CVSS score is not yet known. More information can be found in the security advisory, including what versions of Confluence Server are affected.